DRYing Out MVC (ESaaS 5.1)
Slide 1: DRYing Out MVC (ESaaS 5.1)
Armando Fox
2013 Armando Fox & David Patterson, all rights reserved
Slide 2: Don't Repeat Yourself, but how?
- Goal: enforce that movie names must be less than 40 characters
- Call a check function from every place in the app where a Movie might get created or edited? That's not DRY!
- How do we DRY out cross-cutting concerns: logically centralized, but may appear in multiple places in the implementation?
Slide 3: Background & History: GO TO & COME FROM
- CACM, 1968 Letter to the Editor
Slide 4: Aspect-Oriented Programming
- Advice is a specific piece of code that implements a cross-cutting concern
- Pointcuts are the places where you want to inject advice at runtime
- Advice + Pointcut = Aspect
- Goal: DRY out your code
Slide 5: Rails Example: Validations
- Specify declaratively in the model class
- Validation is advice in the AOP sense
- There are many places in the app where a model could be modified/updated, including indirectly via associations!
- So where are the pointcuts?
Slide 6: Model Lifecycle Callbacks Allow Pre and Post Operations
Creating (movie.create, or movie.save on a new record):
- before_validation
- before_validation_on_create
- (run validations)
- after_validation
- after_validation_on_create
- before_save
- before_create
- INSERT INTO movies...
- after_create
- after_save
Updating (movie.update_attributes, or movie.save on an existing record):
- before_validation
- before_validation_on_update
- (run validations)
- after_validation
- after_validation_on_update
- before_save
- before_update
- UPDATE movies...
- after_update
- after_save
The callbacks are declared in movie.rb. Validation automatically happens at the "run validations" step, or when you call valid?; if it fails, save will fail. model.errors is an ActiveRecord::Errors object with cool behaviors of its own. See Screencast 7.1.1.
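The validation-as-advice idea of slides 2, 5 and 6, as an added example that is not code from the slides: a miniature ActiveRecord-style validation and callback framework in plain Ruby (no Rails). The names validates_length_of, before_validation, after_validation, before_save, after_save, valid?, save and errors mirror the Rails names the slides use; MiniModel and Movie.store are hypothetical stand-ins for ActiveRecord and for the INSERT into the database. The length rule is written once, in the model, and is enforced on every save path, which is the DRY property the slides are after.

```ruby
# Added example, not code from the ESaaS slides. MiniModel is a hypothetical
# stand-in for ActiveRecord: a per-class registry of closures (the advice)
# and a fixed set of lifecycle points at which they run (the pointcuts).
module MiniModel
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Per-class registry: hook name => list of closures (the "advice").
    def callbacks(hook)
      @callbacks ||= Hash.new { |h, k| h[k] = [] }
      @callbacks[hook]
    end

    # Metaprogramming: generate one declarative hook method per lifecycle point.
    %i[before_validation after_validation before_save after_save].each do |hook|
      define_method(hook) { |&advice| callbacks(hook) << advice }
    end

    # Declarative validation: the check is written once here, not at every call site.
    # (at most `maximum` characters, like Rails' validates_length_of)
    def validates_length_of(attr, maximum:)
      callbacks(:validate) << lambda do |record|
        if record.send(attr).to_s.length > maximum
          record.errors << "#{attr} is too long (maximum is #{maximum} characters)"
        end
      end
    end

    # Hypothetical stand-in for the movies table.
    def store
      @store ||= []
    end
  end

  attr_reader :errors

  def initialize(attrs = {})
    @errors = []
    attrs.each { |name, value| send("#{name}=", value) }
  end

  def run_callbacks(hook)
    self.class.callbacks(hook).each { |advice| advice.call(self) }
  end

  # Pointcut: validations run here, in the order shown on slide 6.
  def valid?
    @errors = []
    run_callbacks(:before_validation)
    run_callbacks(:validate)
    run_callbacks(:after_validation)
    @errors.empty?
  end

  # A failed validation makes save fail; nothing reaches the store.
  def save
    return false unless valid?
    run_callbacks(:before_save)
    self.class.store << self          # stand-in for INSERT INTO movies ...
    run_callbacks(:after_save)
    true
  end
end

class Movie
  include MiniModel
  attr_accessor :title, :audit

  validates_length_of :title, maximum: 40
  before_validation { |movie| movie.title = movie.title.to_s.strip }
  after_save        { |movie| movie.audit = "saved #{movie.title}" }
end

# Try to persist a movie and report what happened.
def try_save(title)
  movie = Movie.new(title: title)
  saved = movie.save
  { saved: saved, title: movie.title, errors: movie.errors, audit: movie.audit }
end

if __FILE__ == $PROGRAM_NAME
  p try_save('  Inception  ')   # saved, title stripped by before_validation
  p try_save('x' * 41)          # not saved; errors explains why
end
```

The same `save` is the single entry point whether the record is created directly or through an association, which is why the check needs to live at the lifecycle hook rather than at each caller.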
Slide 7: Example: controller filters
- Filters declared in a controller also apply to its subclasses
- Corollary: filters in ApplicationController apply to all controllers
- A filter can change the flow of execution by calling redirect_to or render
- You should add something to the flash to explain to the user what happened; otherwise it will manifest as a silent failure!
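The three points on slide 7 (inheritance of filters, a filter halting the action, and the flash message that prevents a silent failure), as an added example that is not code from the slides. ActionControllerBase is a hypothetical stand-in for ActionController::Base; before_filter, redirect_to, render, flash and session mirror the Rails names on the slide.

```ruby
# Added example, not code from the ESaaS slides. ActionControllerBase is a
# hypothetical stand-in for ActionController::Base with just enough plumbing
# to show how before-filters are inherited and how one halts an action.
class ActionControllerBase
  # Filters are collected per class and inherited by walking up the superclass
  # chain, so a filter declared in ApplicationController applies to every controller.
  def self.before_filter(method_name)
    (@own_filters ||= []) << method_name
  end

  def self.before_filters
    inherited = superclass.respond_to?(:before_filters) ? superclass.before_filters : []
    inherited + (@own_filters || [])
  end

  attr_reader :session, :flash, :response

  def initialize(session = {})
    @session = session
    @flash = {}
    @response = nil
  end

  def redirect_to(path)
    @response = { redirect: path }
  end

  def render(view)
    @response = { render: view }
  end

  # Run the filters before the action; if one of them rendered or redirected,
  # the action itself never runs (the filter changed the flow of execution).
  def process(action)
    self.class.before_filters.each do |filter|
      send(filter)
      return @response if @response
    end
    send(action)
    @response
  end
end

class ApplicationController < ActionControllerBase
  before_filter :require_login

  def logged_in?
    !session[:user_id].nil?
  end

  # The advice: halt and explain. Without the flash entry the user would just
  # land on the login page with no idea why (the "silent failure" on the slide).
  def require_login
    return if logged_in?
    flash[:warning] = 'You must be logged in to do that'
    redirect_to '/login'
  end
end

class MoviesController < ApplicationController
  def create
    render 'movies/show'
  end
end

# Drive one request through MoviesController#create with the given session.
def attempt_create(session)
  controller = MoviesController.new(session)
  response = controller.process(:create)
  [response, controller.flash]
end

if __FILE__ == $PROGRAM_NAME
  p attempt_create({})               # filter halts: redirect plus flash
  p attempt_create({ user_id: 7 })   # filter passes: action renders
end
```

The filter is declared once in ApplicationController and MoviesController never mentions it, yet `MoviesController.before_filters` still lists it; that inheritance is the DRY win, and the flash entry is what keeps the redirect from being a silent failure.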
Slide 8: Validations vs. Filters
|                                          | Validation                                        | Filter                                                  |
| Advice (DRYness)                         | Check invariants on model                         | Check conditions for allowing controller action to run  |
| Pointcut                                 | AR model lifecycle hooks                          | Before and/or after any public controller method        |
| Can change execution flow?               | No                                                | Yes (con: can make code harder to debug!)               |
| Can define advice in arbitrary function? | Yes; shortcuts provided for common cases          | Yes, must provide function                              |
| Info about errors?                       | Each model object has an associated errors object | Capture in flash[], session[], or instance variable     |
Slide 9: Summary so far
- Aspect-oriented programming is a way of DRYing out cross-cutting concerns
- Ruby doesn't have fully-general AOP, but Rails provides some predefined pointcuts
- Validations check or assert pre/post conditions at key points during the model lifecycle
- Controller filters check or assert pre/post conditions related to controller actions, and can change control flow (redirect, render)
- Partials DRY out views (though not AOP)
Slide 10: Which Ruby language features support the DRYness enabled by validations & filters: (a) higher-order functions, (b) closures, (c) metaprogramming?
- Only (a)
- Only (a) & (b)
- Only (a) & (c)
- (a), (b) and (c)
Slide 11: Single Sign-On and Third-Party Authentication (ESaaS 5.2)
Armando Fox
2013 Armando Fox & David Patterson, all rights reserved
Slide 12: Third-party authentication
- Goal: What are my Facebook friends reading on the NY Times site?
- NY Times needs to be able to access your Facebook info, but you don't want to reveal your Facebook password to NY Times!
- How can we do this? => Third-party authentication
Logos shown for educational purposes only and are the intellectual property of their owners.
Slide 13: Who are you and what are you doing here?
- Authentication: prove you are who you say you are
  - Username & secret password
  - Hold a private key that matches a public key
  - Possess a cryptographic certificate signed by a trusted third party
- Authorization: prove you are allowed to do what you're asking
  - Does the system record you as having the privilege?
  - Do you have a token or capability that lets you do something?
Slide 14: Web 1.0
- Every site has separate passwords
- Most sites had no RESTful API, so you had to actually log in (or simulate it)
- Doesn't work for SOA! Hard for services to cooperate if you need to log in interactively to every service, every time
- Desired solution: single sign-on (SSO), but you don't want to reveal your service A password to service B!
Slide 15: How does it work? (concepts)
- Building block: tamper-evident secure token
- Using cryptography, I create a string that:
  - Only I can decrypt (decode)
  - I can detect if it's been tampered with
  - No one else could have created it without knowing my secret key
- Usually, the string just contains a handle to valuable info that I store myself
- Receive the string => I know I can trust the handle
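The tamper-evident token of slide 15, as an added example that is not code from the slides: authenticated encryption (AES-256-GCM from Ruby's standard OpenSSL binding) gives all three listed properties at once, since only the key holder can decrypt, any change to the bytes is detected, and nobody can mint a token without the key. As the slide suggests, the token carries only a handle (here a user id) and the valuable data stays on the server. SERVER_KEY, the `user:42` handle and the helper names are constructed for this example.

```ruby
require 'openssl'
require 'base64'
require 'securerandom'

# Added example, not code from the ESaaS slides. SERVER_KEY is generated fresh
# per run for the demo; a real service loads it from its secret store and
# rotates it, it never hard-codes it.
SERVER_KEY = SecureRandom.random_bytes(32)
IV_LEN  = 12   # GCM nonce length
TAG_LEN = 16   # GCM authentication tag length

# Mint a token for a handle (e.g. "user:42"). Only the holder of `key` can read
# or forge it.
def issue_token(handle, key = SERVER_KEY)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv             # fresh nonce per token; never reused under one key
  cipher.auth_data = ''
  ciphertext = cipher.update(handle.to_s) + cipher.final
  # iv || tag || ciphertext, URL-safe so it can travel in a cookie or query string
  Base64.urlsafe_encode64(iv + cipher.auth_tag + ciphertext)
end

# Returns the handle, or nil if the token was forged, altered or is malformed.
# Only a non-nil result is a handle the server may trust.
def verify_token(token, key = SERVER_KEY)
  raw = Base64.urlsafe_decode64(token)
  return nil if raw.bytesize < IV_LEN + TAG_LEN
  iv         = raw.byteslice(0, IV_LEN)
  tag        = raw.byteslice(IV_LEN, TAG_LEN)
  ciphertext = raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize - IV_LEN - TAG_LEN)
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = key
  decipher.iv = iv
  decipher.auth_tag = tag
  decipher.auth_data = ''
  (decipher.update(ciphertext) + decipher.final).force_encoding('UTF-8')
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil                              # tag mismatch or bad base64: do not trust the handle
end

# Flip one bit of the ciphertext to show that tampering is detected.
def flip_last_bit(token)
  raw = Base64.urlsafe_decode64(token)
  last = raw.bytesize - 1
  raw.setbyte(last, raw.getbyte(last) ^ 0x01)
  Base64.urlsafe_encode64(raw)
end

if __FILE__ == $PROGRAM_NAME
  token = issue_token('user:42')
  p verify_token(token)                                                   # => "user:42"
  p verify_token(flip_last_bit(token))                                    # => nil
  p verify_token(issue_token('user:42', SecureRandom.random_bytes(32)))   # => nil
end
```

The verifier rejects a token minted under a different key exactly as it rejects a bit-flipped one: in both cases the authentication tag fails to check, so the server never acts on the handle. A plain MAC over a cleartext handle would give tamper evidence and unforgeability but not the "only I can decrypt" property, which is why authenticated encryption is used here.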
Slides 16-17: Third-Party Auth with Twitter & RottenPotatoes
1. Login with Twitter
2. Redirect to Twitter login page
3. OK to authorize this app?
4. Yes, please give away my personal info
5. Redirect to RP callback page with access token
6. Here's a token that proves I'm allowed to know this user's name
7. Welcome, Armando
Logos shown for educational purposes only and are the intellectual property of their owners.
Slide 18: How does it work? (MVC)
- Model the session as its own entity
- A session controller creates and deletes the session and handles interaction with the auth provider
- Once the user is authenticated, we need a local users model to represent him/her
- session[] remembers the primary key (ID) of the currently authenticated user
- The OmniAuth gem helps a lot by providing a uniform API to different strategies
Slide 19: Which is true about third-party authentication between a requester and a provider?
- Once completed, the requester can do anything you can do on the provider
- If your credentials on the requester are compromised, your credentials on the provider are also compromised
- If the provider revokes access, the requester no longer has any of your info
- Access can be time-limited to expire on a preset date
Slide 20: Single Sign-On Example (ESaaS 5.3)
Armando Fox
2013 Armando Fox & David Patterson, all rights reserved
Slide 21: Associations & Foreign Keys (ESaaS 5.3)
Armando Fox
2013 Armando Fox & David Patterson, all rights reserved
Slide 22: Reviews for RottenPotatoes
- Simple model: "I give it 4 potatoes out of 5"
- Goal: easily represent the concept that a movie has many reviews
- The code we'd like to write... but how?
Slide 23: Cartesian Product
table 'artists':
| id | name    |
| 10 | Justin  |
|    | Shakira |
|    | Britney |

table 'reviews':
| id | desc       | artist_id |
| 30 | "Terrible" |           |
| 31 | "Passable" |           |
| 32 | "Please"   | 10        |

Cartesian product: artists JOIN reviews
| artists.id | artists.name | reviews.id | reviews.desc | reviews.artist_id |
| 10         | Justin       | 30         | "Terrible"   |                   |
| 10         | Justin       | 31         | "Passable"   |                   |
| 10         | Justin       | 32         | "Please"     | 10                |
|            | Shakira      | 30         | "Terrible"   |                   |
|            | Shakira      | 31         | "Passable"   |                   |
|            | Shakira      | 32         | "Please"     | 10                |
|            | Britney      | 30         | "Terrible"   |                   |
|            | Britney      | 31         | "Passable"   |                   |
|            | Britney      | 32         | "Please"     | 10                |

Filtered Cartesian product: artists JOIN reviews ON artists.id = reviews.artist_id
| artists.id | artists.name | reviews.id | reviews.desc | reviews.artist_id |
| 10         | Justin       | 32         | "Please"     | 10                |
|            | Shakira      | 31         | "Passable"   |                   |
|            | Britney      | 30         | "Terrible"   |                   |
Slide 24: Expressing Has Many in terms of the Relational DB model
- A foreign key (FK) in one table refers to the primary key of another table
- movies: id, title, rating, release_date
- reviews: id, movie_id, potatoes
- reviews.movie_id is the FK that refers to movies.id
Slide 25: Databases 101
- Joins are queries that combine records from 2 or more tables using PKs and FKs
- movies (id, ...) and reviews (id, movie_id, ...)
- SELECT * FROM movies, reviews WHERE movies.id = reviews.movie_id
- Cartesian product
Slide 26: Which statement is false regarding Cartesian products as a way of representing relationships?
- You can represent one-to-one relationships as well as one-to-many relationships
- You can represent many-to-many relationships
- The size of the full Cartesian product is independent of the join criteria
- You can only filter based on primary or foreign key (id) columns
Slide 27: ActiveRecord Association Support (ESaaS 5.3)
Armando Fox
2013 Armando Fox & David Patterson, all rights reserved
Slide 28: ActiveRecord Associations
- Allows manipulating DB-managed associations more Rubyistically
- After setting things up correctly, you don't have to worry (much) about keys and joins

    class Movie < ActiveRecord::Base
      has_many :reviews
    end

    class Review < ActiveRecord::Base
      belongs_to :movie    # "The foreign key belongs to me"
    end
Slide 29: Basic idea
- The reviews table gets a foreign key (FK) field that holds the primary key of the Movie a review is for
- Dereferencing movie.reviews == performing a database join (lazily) to find reviews where movie_id == movie.id
- Dereferencing review.movie == looking up the one movie whose PK id == review.movie_id
- Note! You must add FK fields using a migration!
Slide 30: Association proxy methods!
- Now you can ... # Enumerable of reviews
- And also go the other way ... # what movie is reviewed?
- You can add new reviews for a movie ... # how are these different from just new() & save?
- ... # instantly fills in the FK
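Slide 25's join and the has_many / belongs_to proxies of slides 28-30, carried through together as an added example that is not code from the slides: the same relationship expressed first as a filtered Cartesian product and then as Ruby proxy methods generated by metaprogramming, over in-memory tables so it runs without a database. MOVIES and REVIEWS are constructed sample rows; MiniAssociations, the `table` class methods and `build` are hypothetical stand-ins for what ActiveRecord generates.

```ruby
# Added example, not code from the ESaaS slides. MOVIES and REVIEWS are
# constructed rows standing in for the two database tables.
MOVIES  = [{ id: 1, title: 'Inception' }, { id: 2, title: 'Heat' }]
REVIEWS = [{ id: 10, movie_id: 1, potatoes: 5 },
           { id: 11, movie_id: 1, potatoes: 4 },
           { id: 12, movie_id: 2, potatoes: 3 }]

# Full Cartesian product: every movie row paired with every review row
# (|movies| * |reviews| rows, whatever join condition is applied afterwards).
def cartesian_product(left, right)
  left.product(right)
end

# SELECT * FROM movies, reviews WHERE movies.id = reviews.movie_id:
# the product filtered on the PK = FK predicate.
def inner_join(left, right, left_key:, right_key:)
  cartesian_product(left, right).select { |l, r| l[left_key] == r[right_key] }
end

# Hypothetical stand-in for the association macros ActiveRecord adds to models.
module MiniAssociations
  # movie.reviews: rows of the other table whose FK equals this record's PK,
  # looked up lazily each time the proxy is called. The class is resolved by
  # name at call time so Movie can refer to Review before Review is defined.
  def has_many(name, class_name:, foreign_key:)
    define_method(name) do
      klass = Object.const_get(class_name)
      owner = self
      records = klass.table.select { |row| row[foreign_key] == id }.map { |row| klass.new(row) }
      # build: a new child whose FK is filled in immediately (not yet in the table)
      records.define_singleton_method(:build) { |attrs| klass.new(attrs.merge(foreign_key => owner.id)) }
      records
    end
  end

  # review.movie: the one row of the other table whose PK equals this record's FK.
  def belongs_to(name, class_name:, foreign_key:)
    define_method(name) do
      klass = Object.const_get(class_name)
      row = klass.table.find { |r| r[:id] == send(foreign_key) }
      row && klass.new(row)
    end
  end
end

class Movie
  extend MiniAssociations
  attr_reader :id, :title

  def self.table
    MOVIES
  end

  def initialize(row)
    @id, @title = row.values_at(:id, :title)
  end

  has_many :reviews, class_name: 'Review', foreign_key: :movie_id
end

class Review
  extend MiniAssociations
  attr_reader :id, :movie_id, :potatoes

  def self.table
    REVIEWS
  end

  def initialize(row)
    @id, @movie_id, @potatoes = row.values_at(:id, :movie_id, :potatoes)
  end

  belongs_to :movie, class_name: 'Movie', foreign_key: :movie_id
end

def potatoes_for(title)
  Movie.new(MOVIES.find { |row| row[:title] == title }).reviews.map(&:potatoes)
end

def movie_title_of_review(review_id)
  Review.new(REVIEWS.find { |row| row[:id] == review_id }).movie.title
end

# The FK is set the instant the child is built, before any save.
def build_review_for(title, potatoes)
  movie = Movie.new(MOVIES.find { |row| row[:title] == title })
  movie.reviews.build(id: nil, potatoes: potatoes).movie_id
end
```

`cartesian_product(MOVIES, REVIEWS)` has six rows and `inner_join` keeps the three whose movie id matches; `potatoes_for('Inception')` returns the same two reviews through the proxy, which does nothing more than that filter, evaluated on each call.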
Slide 31: Which Ruby language mechanisms would be appropriate for implementing associations that can be used by ActiveRecord models? (a) build behaviors into ActiveRecord::Base, (b) put behaviors in their own Module, (c) put behaviors in their own Class
- Only (a)
- (a) or (b), but not (c)
- (a) or (c), but not (b)
- Any of (a), (b), or (c) would be equally suitable
More informationTable of Contents EXCEL ADD-IN CHANGE LOG VERSION (OCT )... 3 New Features... 3
Table of Contents EXCEL ADD-IN CHANGE LOG... 3 VERSION 3.6.0.4 (OCT 10 2013)... 3... 3 Multiple account support... 3 Defining queries for multiple accounts... 4 Single sign on support... 4 Setting up SSO
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationOpen XML Gateway User Guide. CORISECIO GmbH - Uhlandstr Darmstadt - Germany -
Open XML Gateway User Guide Conventions Typographic representation: Screen text and KEYPAD Texts appearing on the screen, key pads like e.g. system messages, menu titles, - texts, or buttons are displayed
More informationSystem Structure. Steven M. Bellovin December 14,
System Structure Steven M. Bellovin December 14, 2015 1 Designing a System We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin December 14, 2015
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationClick Studios. Passwordstate. Remote Session Launcher. Installation Instructions
Passwordstate Remote Session Launcher Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise
More informationUsing the MyProxy Online Credential Repository
Using the MyProxy Online Credential Repository Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu What is MyProxy? Independent Globus Toolkit add-on
More informationUser Guide. Version R94. English
AuthAnvil User Guide Version R94 English March 8, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated
More informationUser Plugins. About Plugins. Deploying Plugins
User Plugins About Plugins Artifactory Pro allows you to easily extend Artifactory's behavior with your own plugins written in Groovy. User plugins are used for running user's code in Artifactory. Plugins
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationOverview of the Ruby Language. By Ron Haley
Overview of the Ruby Language By Ron Haley Outline Ruby About Ruby Installation Basics Ruby Conventions Arrays and Hashes Symbols Control Structures Regular Expressions Class vs. Module Blocks, Procs,
More informationUSER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0
USER MANUAL TABLE OF CONTENTS Introduction...1 Benefits of Customer Portal...1 Prerequisites...1 Installation...2 Salesforce App Installation... 2 Salesforce Lightning... 2 WordPress Manual Plug-in installation...
More information